Apache auth
Posted: Sun Sep 06, 2015 10:37 pm
We use ldap auth and hence I I have created users in zm to apply the specific settings a given user needs however I get all kinds of intermittent errors with socket files and broken streaming.
The http config I am using looks like:
Zoneminder is setup with OPT_USE_AUTH: enabled, AUTH_TYPE: remote, AUTH_RELAY: hashed.
I get many socket failures and "Unable to authenticate user" lines in the log. This is using current packages from zmrepo on Centos7 with selinux set to permissive. Without external auth everything works fine.
Setting AUTH_RELAY: none seems to resolve the socket and "Unable to authenticate user".
For the sake of correctness, what is the suggested practice for this use case where authentication is delegated to apache but zoneminder controls authorization?
Thanks!
The http config I am using looks like:
Code: Select all
<VirtualHost *:80>
ServerName foo.domain.com
ServerAlias foo.domain.com
DocumentRoot /usr/share/zoneminder/www
<Location />
Options -Indexes +MultiViews +FollowSymLinks
AllowOverride All
<RequireAll>
AuthType Basic
AuthName "Security DVR Access"
AuthBasicAuthoritative On
AuthBasicProvider ldap
...
</RequireAll>
</Location>
ScriptAlias /cgi-bin-zm "/usr/libexec/zoneminder/cgi-bin"
<Directory "/usr/libexec/zoneminder/cgi-bin">
AllowOverride All
Options ExecCGI
<RequireAll>
AuthType Basic
AuthName "Security DVR Access"
AuthBasicAuthoritative On
AuthBasicProvider ldap
...
</RequireAll>
</Directory>
</VirtualHost>
I get many socket failures and "Unable to authenticate user" lines in the log. This is using current packages from zmrepo on Centos7 with selinux set to permissive. Without external auth everything works fine.
Setting AUTH_RELAY: none seems to resolve the socket and "Unable to authenticate user".
For the sake of correctness, what is the suggested practice for this use case where authentication is delegated to apache but zoneminder controls authorization?
Thanks!